jerlgrain

Trojan.Win32.Generic!BT

15 posts in this topic

Hello,

Had family over for the holiday weekend and someone opened a link/file that caused a trojan to infect my PC. Before finding this site I tried to run my AVG. It cleaned some. But apparently not all. I also tried going back about a week to a system restore point. Still nothing. I downloaded and ran the latest version of Ad-Aware. Then did the OTL steps. Here are the files it created.

Ad-Aware said I should restart my system but I did not do that yet. If I should do that first then run the OTL again I would be happy to do so. Just trying to go in the order of the post[size=4] "Read This Before You Post!" first.[/size]


Thanks for any help,
J

Hi,

Download DDS and save it to your desktop from [url=http://download.bleepingcomputer.com/sUBs/dds.com][b][color=seagreen]here[/color][/b][/url] or [url=http://download.bleepingcomputer.com/sUBs/dds.scr][b][color=seagreen]here[/color][/b][/url] or [url=http://www.forospyware.com/sUBs/dds][b][color=seagreen]here[/color][/b][/url].
Disable any script blocker, and then double click [b]dds file [/b]to run the tool. [list]
[*]When done, DDS will open two (2) logs: [list=1]
[*] DDS.txt
[*] Attach.txt
[/list]
[*]Save both reports to your desktop. Post them back to your topic.
[/list]

Thank you so much for your help.
I disabled AVG and disabled Ad-Aware, then ran the DDS. Here are the two files.

Thank you again,
J

Hi,

[color=#FF0000]uTorrent[/color]

The program listed above is a P2P file sharing program. P2P downloads are nowadays one of those things most likely to bring infection into the system. My [b]recommendation is to uninstall this (and any other P2P file sharing programs, if present)[/b].


Please visit this webpage for download links, and instructions for running ComboFix tool:

[url]http://www.bleepingcomputer.com/combofix/how-to-use-combofix[/url]

[COLOR=Blue]Please ensure you read this guide carefully first.[/COLOR]

Please continue as follows:

[LIST=1]
[*][b]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix[/b], [url=http://www.bleepingcomputer.com/forums/topic114351.html]link[/url]
Remember to re-enable them afterwards.


[*]Click [B]Yes[/B] to allow ComboFix to continue scanning for malware.
[/LIST]

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

[B]C:\ComboFix.txt
New dds log.[/B]

[COLOR=#ff0000][B]A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.[/B][/COLOR]

Ok, a few notes on some things that happened before ComboFix ran, in case it helps.

I tried to find an uninstall option for uTorrent. But I could not find it anywhere. I tried the control panel where I normally look first and it does not show uTorrent installed there. I have sometimes had more success going to CCleaner uninstall option and nothing there either. I am guessing since the version I have is probably much older than a current version maybe it got messed up long ago. So, uTorrent is still on at the moment.

Also, AVG would only let me disable it for 15 min. So, I thought I would just uninstall it. And it gave me some errors and would not uninstall. Go figure. So I left AVG on and disabled it for the 15 min, but as I started ComboFix and let it run it only had a minute or so left on AVG before it would be "active" again so I clicked on extend time in AVG to give it more time to not be active. I am sure that may skew something but just wanted to let you know.

And finally, I actually started ComboFix once, then I got the blue screen of death from Microsoft. Had to reboot the PC, then ran ComboFix again (with the AVG extended time mentioned above).

So, finally, here is the file the ComboFix made after the 2nd attempt that did complete. Along with new dds and attach files.

Thank you for your help!
J

Hi again,

uTorrent may be a version that has no entry in the uninstall list. In that case, deleting its folder is enough.

Uninstall vulnerable [b]Flash[/b] versions by following the instructions [url="http://kb2.adobe.com/cps/141/tn_14157.html"]here[/url]. A fresh version can be obtained [url="http://get.adobe.com/flashplayer/"]here[/url].


[b][color=blue]Your Java is out of date.[/color][/b] Older versions have vulnerabilities that malware can use to infect your system. [b]Please follow these steps to remove older version Java components and update to the latest version...[/b]

[b][color=blue]Updating Java:[/color][/b][list]
[*]Download the latest version of [b][url="http://www.oracle.com/technetwork/java/javase/downloads/index.html"]Java Runtime Environment (JRE) 7 Update 1[/url][/b].
[*]Click the [b]Download[/b] button to the right.
[*]Select Windows on the platform combobox and check the box that says: [b][i]Accept[/i][/b][i] License Agreement[/i]. Click Continue.
[*]The page will refresh.
[*]Click on the link to download [i]Windows Offline Installation[/i] with or without Multi-language and save it to your desktop.
[*]Close any programs you may have running - especially your web browser.
[*]Go to [b]Start[/b] > [b]Control Panel[/b], double-click on [b]Add/Remove Programs[/b] and remove all older versions of Java.
[*]Check any item with Java Runtime Environment (JRE or J2SE) in the name.
[*]Click the [b]Remove[/b] or [b]Change/Remove[/b] button.
[*]Repeat as many times as necessary to remove each Java version.
[*]Reboot your computer once all Java components are removed.
[*]Then from your desktop double-click on [b]jre-7u1-windows-i586.exe[/b] to install the newest version. Uncheck the Carbonite online backup trial if it's offered there.
[/list]


* Go [url="http://www.eset.eu/online-scanner"][color=red][b][u]here[/u][/b][/color][/url] to run an online scanner from ESET.[list]
[*][color=red][b]Note:[/b][/color] You will need to use [color=blue][b]Internet Explorer[/b][/color] for this scan
[*]Tick the box next to [b]YES, I accept the Terms of Use.[/b]
[*]Click [b]Start[/b]
[*]When asked, allow the ActiveX control to install
[*]Click [b]Start[/b]
[*]Make sure that the option [b]Remove found threats[/b] is UNchecked and the option [b]Scan unwanted applications[/b] is checkmarked.
[*]Click [b]Scan[/b]
[*]Wait for the scan to finish.
[/list]
Post back its report & a fresh dds.txt log. Any issues left?

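The two checks the post above asks for by hand (finding a uTorrent that has no Add/Remove entry, and finding every leftover JRE/J2SE before the new one goes on), plus a file-version check of the installed Flash components, done from PowerShell. This is an added example, not code from the original thread or from any of the tools it mentions. It assumes PowerShell is available on the machine (built into Windows 7 and later; a separate install on XP, and the syntax below stays within PowerShell 2.0) and reads only the three standard uninstall keys Windows uses for the Add/Remove Programs list; the Flash directory names are the ones Adobe's installer has used and are an assumption for machines with a different layout.

```powershell
# Added example, not part of the original thread. Enumerates the three registry
# locations that feed the Add/Remove Programs list (machine-wide, 32-bit-on-64-bit,
# and per-user), so that entries missing from Control Panel, such as a per-user
# uTorrent install or leftover JRE/J2SE versions, can still be found and removed.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-InstalledProgram {
    param([string]$NamePattern = '.')   # regex matched against DisplayName
    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }   # WOW6432Node is absent on 32-bit Windows
        foreach ($sub in Get-ChildItem $key) {
            $p = Get-ItemProperty $sub.PSPath
            if ($p.DisplayName -and ($p.DisplayName -match $NamePattern)) {
                New-Object PSObject -Property @{
                    Name            = $p.DisplayName
                    Version         = $p.DisplayVersion
                    Hive            = $key.Split(':')[0]        # HKLM or HKCU
                    UninstallString = $p.UninstallString
                }
            }
        }
    }
}

# Flash Player is checked by file version rather than by uninstall entry: the
# ActiveX control (IE, *.ocx) and the NPAPI plug-in (other browsers, NPSWF*.dll)
# live under Macromed\Flash (assumed directory layout).
function Get-FlashVersion {
    $dirs = @("$env:SystemRoot\System32\Macromed\Flash", "$env:SystemRoot\SysWOW64\Macromed\Flash")
    foreach ($dir in $dirs) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem $dir |
            Where-Object { $_.Name -match '\.ocx$|^NPSWF.*\.dll$' } |
            Select-Object FullName, @{ n = 'Version'; e = { $_.VersionInfo.FileVersion } }
    }
}

# Cases from this thread: the P2P client that did not show in Control Panel, and the
# old Java runtimes that must all be gone before the new JRE is installed.
Get-InstalledProgram -NamePattern 'uTorrent|BitTorrent' | Format-Table Name, Version, Hive, UninstallString -AutoSize
Get-InstalledProgram -NamePattern 'Java|J2SE|JRE'       | Format-Table Name, Version, Hive, UninstallString -AutoSize
Get-FlashVersion | Format-Table -AutoSize
```

If a program shows up only under HKCU, it was installed per-user, which is why a machine-wide uninstall list can miss it; its UninstallString is still usable from the Run box. If nothing shows up at all, the post's advice applies: stop the process first (`Stop-Process -Name uTorrent`) and then delete its folder, since a running program will hold its files open. Entries matching 'Java' that are not a JRE (a browser plug-in, an application with Java in its name) should be left alone; the pattern is deliberately broad so nothing is missed.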
Deleted uTorrent folder
Removed old flash from your link
Added new flash from your link
Removed all old JAVA
Installed the newest JRE

Ran ESET. It did find 2 things, file attached.

Reran dds, files attached.

Thank you,
J

Hi,

You may ignore those two findings. How's the system running now?

My PC seems to be running great now.

Prior to all of this, I was using the AVG software and SpywareBlaster. And apparently we see what happened. Currently those are still on as well as Ad-Aware. Do you think I should go ahead and leave all three or remove AVG? Or is there any other protection that I should use instead? You have helped so much Blade81 and truly appreciate and trust your advice.

Thank you!!!
J

You're welcome :)

[quote]Prior to all of this, I was using the AVG software and SpywareBlaster. And apparently we see what happened. Currently those are still on as well as Ad-Aware. Do you think I should go ahead and leave all three or remove AVG? Or is there any other protection that I should use instead?[/quote]
Malware probably got in by exploiting vulnerabilities in those outdated Flash and Java versions. Besides good protection software, it's important that the system and its 3rd-party software are up-to-date.

If no issues are left, it's time to secure your system to prevent further intrusions.


[color=blue]THESE STEPS ARE VERY IMPORTANT[/color]

[color=purple]Let's reset system restore[/color]
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
[color=blue]NOTE: only do this ONCE,[size=1][b]NOT[/b] [/size]on a regular basis[/color]


Now let's uninstall ComboFix:[list]
[*]Click START then RUN
[*]Now copy-paste [b]Combofix /uninstall[/b] in the runbox and click OK
[/list]

[color=orange]UPDATING WINDOWS AND INTERNET EXPLORER[/color]

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to [url="http://windowsupdate.microsoft.com/"][color=blue]the windows update site[/color][/url] to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free).


[color=purple]Make your Internet Explorer more secure[/color]

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


Download and run [url="http://secunia.com/vulnerability_scanning/personal/"]Secunia Personal Software Inspector (PSI)[/url] and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.


[b]Just a final reminder for you. I am trying to stress these two points.[/b]
[color=green][size=1]UPDATE UPDATE UPDATE!!![/size][/color] Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
[color=purple]Visit Microsoft's Windows Update Site Frequently[/color] - It is important that you visit [url="http://www.windowsupdate.com"]http://www.windowsupdate.com[/url] regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

[color=green]Have a great day,[/color]
Blade B)

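The six Internet-zone settings from the "Make your Internet Explorer more secure" steps above, applied and then verified from PowerShell instead of clicking through the Custom Level dialog. This is an added example and not part of the original post. It assumes PowerShell is available and writes the per-user values Internet Explorer stores for zone 3 (the Internet zone), using the action numbers Microsoft documents for those zone settings; the encoding is 0 = Enable, 1 = Prompt, 3 = Disable. Two caveats a practitioner should keep in mind: values under the Policies branch of the registry (set by Group Policy) override these per-user ones, and Internet Explorer reads the zone settings at start-up, so restart it after running this.

```powershell
# Added example, not part of the original thread. Writes the six Internet-zone
# (zone 3) settings from the post to the registry values Internet Explorer reads
# them from, then reads them back so drift (or a policy override) shows up.
# Registry values for zone settings: 0 = Enable, 1 = Prompt, 3 = Disable.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$settings = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Value = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Value = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Value = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Value = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Value = 1 }
)

function Set-InternetZoneSettings {
    if (-not (Test-Path $zoneKey)) { throw "Internet zone key not found: $zoneKey" }
    foreach ($s in $settings) {
        Set-ItemProperty -Path $zoneKey -Name $s.Id -Value $s.Value -Type DWord
    }
}

function Test-InternetZoneSettings {
    # Returns one object per setting whose stored value differs from the intended one.
    $stored = Get-ItemProperty -Path $zoneKey
    foreach ($s in $settings) {
        $actual = $stored.($s.Id)
        if ($actual -ne $s.Value) {
            New-Object PSObject -Property @{ Setting = $s.Name; Expected = $s.Value; Actual = $actual }
        }
    }
}

Set-InternetZoneSettings
$drift = @(Test-InternetZoneSettings)
if ($drift.Count -eq 0) {
    'All six Internet-zone settings are applied; restart Internet Explorer to pick them up.'
} else {
    $drift | Format-Table Setting, Expected, Actual -AutoSize
}
```

Running Test-InternetZoneSettings on its own is also a quick way to confirm, after the next malware clean-up or software install, that nothing has quietly loosened the zone again: the dialog does not tell you which setting changed, the read-back does.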
Things seem to be going really smooth on the system. The only problem I have really had is not virus related. Just a problem with other software. Primarily two: AVG and iTunes.

Early in our posts I had mentioned trying to uninstall AVG but something must have messed up and it will not let me uninstall. And I cannot reinstall it either, hoping it would correct any problem. I can live with it for now, just kinda annoying.

And also, for at least a year or more when I update iTunes, occasionally I am not able to update to the latest version. I am on 10.3.1.55, latest version is 10.5.1 according to Secunia PSI. All seems to be working ok, but I know there are those little fixes in the background that I usually want it to update/correct just for safety.

Other than that, PC is running great.

Thanks,
J

Hi,

What happens when you try to uninstall AVG? Please see if [url=http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2012_1796.exe]AVG remover[/url] works. Also, if iTunes is having issues better try to reinstall it.

Well, I have been crazy busy and have not had much time to work on the PC. But, I have not got AVG off it yet. I just found this text file it made after attempting to remove AVG a couple times last week and again this morning.

I am starting to think if I get time in a couple weeks (after Christmas), it may be time for me to make sure all my data is totally backed up and I may consider re-installing everything from scratch on the PC.

I truly appreciate all your very valuable help Blade81. You have helped me (and my wife) out so much since she is probably on this more during the day than I am in the mornings and evenings.

Jeremy

Hi,


[url="http://www.revouninstaller.com/"]Revo Uninstaller[/url] may be able to help here.

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !
